
<?php
/**
 * @package YARBB
 * @copyright Авторские права (C) 2009 www.yar-it.com. Все права защищены.
 * @license Лицензия http://www.gnu.org/licenses/gpl-2.0.htm GNU/GPL, или help/license.php
 * YARBB! - свободное программное обеспечение распространяемое по условиям лицензии GNU/GPL
 * Для получения информации о используемых расширениях и замечаний об авторском праве, смотрите файл copyright.php.
 */
// Block direct access: stop unless the including application has defined _VALID_MOS.
if (!defined( '_VALID_MOS' )) {
	die( 'Прямой доступ запрещен.' );
}

// Emit the script tag for the jQuery accordion plugin that drives the panels on this page.
echo '<script type="text/javascript" src="', $yarbb_live, '/inc/js/jquery.accordion-1.2.1.js"></script>';

// Load the calendar libraries (the expiry-date field on this page calls showCalendar()).
mosCommonHTML::loadCalendar();

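// Ban administration request handling: add/edit a ban (stage 1), save it (stage 2), delete it.
//
// NOTE(review): no anti-forgery token is checked anywhere in this block, and the delete
// action is triggered by a plain GET parameter. Both state-changing actions should verify a
// per-session token (and the delete should move to POST); the forms and links in the view
// would have to carry that token. Access control is not visible here either - presumably the
// including admin component enforces it; confirm.

// Stage 1: look up the values used to pre-fill the ban form.
// Only GET and POST are consulted, so a stray cookie named add_ban cannot select this branch.
if (isset($_GET['add_ban']) || isset($_POST['add_ban']) || isset($_GET['edit_ban'])) {
	if (isset($_GET['add_ban']) || isset($_POST['add_ban'])) {
		// If the id of the user to ban was provided through GET (a link from profile.php)
		if (isset($_GET['add_ban'])) {
			$add_ban = intval($_GET['add_ban']);
			// Ids below 2 are rejected, matching the "id>1" filter of the username lookup below
			if ($add_ban < 2)
				mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_404 );

			$user_id = $add_ban;

			// Load the row and test the result, as the username lookup below already does,
			// instead of asking for a row count before the statement has been executed.
			$database->setQuery('SELECT group_id, username, email FROM #__forum_users WHERE id='.$user_id);
			$ban_results = $database->loadRow();

			if ($ban_results)
				list($group_id, $ban_user, $ban_email) = $ban_results;
			else
				mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANNOIDUSR );

		}
		else	// Otherwise the username is in POST
		{

			// A missing or non-string field is treated as an empty username
			$ban_user = (isset($_POST['new_ban_user']) && is_string($_POST['new_ban_user'])) ? trim($_POST['new_ban_user']) : '';

			if ($ban_user != '') {

				$sql = ('SELECT id, group_id, username, email
								FROM #__forum_users 
								WHERE username=\''.$database->getEscaped($ban_user).'\' AND id>1');
				$database->setQuery($sql);
				$ban_results = $database->loadRow();

				if ($ban_results)
					list($user_id, $group_id, $ban_user, $ban_email) = $ban_results;
				else
					mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANNONUSER);

			}

		}

		// Make sure we're not banning an admin
		if (isset($group_id) && $group_id == YARBB_ADMIN)
			mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANADM);

		// If we have a $user_id, we can try to find the last known IP of that user
		if (isset($user_id)) {

			// $user_id may come from a database row here, so it is cast before being
			// concatenated into the statement.
			$database->setQuery('SELECT poster_ip FROM #__forum_posts WHERE poster_id='.intval($user_id).' ORDER BY posted DESC LIMIT 1');
			$last_ip = $database->loadResult();
			$ban_ip = ($last_ip !== null && $last_ip !== false) ? $last_ip : '';

		}

		$mode = 'add';

	}
	else	// We are editing a ban
	{

		$ban_id = intval($_GET['edit_ban']);

		if ($ban_id < 1)
			mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_404 );

		// The original passed an undefined $result to getNumRows()/loadRow(); the row is
		// loaded and tested directly instead.
		$database->setQuery('SELECT username, ip, email, message, expire FROM #__forum_bans WHERE id='.$ban_id);
		$ban_results = $database->loadRow();

		if ($ban_results)
			list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $ban_results;
		else
			mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_404 );

		// The stored expiry is formatted as a date for the form; an empty value stays empty
		$ban_expire = ($ban_expire != '') ? date('Y-m-d', intval($ban_expire)) : '';

		$mode = 'edit';

	}

	// NOTE(review): this value is overwritten unconditionally after the if/else chain
	$focus_element = array('bans2', 'ban_user');

}

// Add/edit a ban (stage 2): validate the submitted form and write the ban

else if (isset($_POST['add_edit_ban'])) {

	// Missing or non-string fields are treated as empty instead of raising notices
	$ban_user = (isset($_POST['ban_user']) && is_string($_POST['ban_user'])) ? trim($_POST['ban_user']) : '';
	$ban_ip = (isset($_POST['ban_ip']) && is_string($_POST['ban_ip'])) ? trim($_POST['ban_ip']) : '';
	$ban_email = (isset($_POST['ban_email']) && is_string($_POST['ban_email'])) ? strtolower(trim($_POST['ban_email'])) : '';
	$ban_message = (isset($_POST['ban_message']) && is_string($_POST['ban_message'])) ? trim($_POST['ban_message']) : '';
	$ban_expire = (isset($_POST['ban_expire']) && is_string($_POST['ban_expire'])) ? trim($_POST['ban_expire']) : '';

	// At least one of username, IP and e-mail is required, and "guest" cannot be banned
	if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
		mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANNONLEB);
	else if (strtolower($ban_user) == 'guest')
		mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANGUEST);

	// Validate IP/IP range: space-separated dotted addresses, at most four numeric octets,
	// each no larger than 255. Leading zeros are stripped from multi-digit octets.
	// NOTE(review): empty octets pass this check - presumably so a partial address can
	// stand for a range; confirm against the code that matches bans.
	if ($ban_ip != '') {

		$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);

		$addresses = array_map('trim', explode(' ', $ban_ip));

		foreach ($addresses as $i => $cur_address) {

			$octets = explode('.', $cur_address);

			foreach ($octets as $c => $octet) {

				if (strlen($octet) > 1)
					$octet = ltrim($octet, "0");

				if ($c > 3 || preg_match('/[^0-9]/', $octet) || intval($octet) > 255)
					mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANNONIPDIAP);

				$octets[$c] = $octet;

			}

			$addresses[$i] = implode('.', $octets);

		}

		$ban_ip = implode(' ', $addresses);

	}

	require $yarbb_admin_path.'/include/email.php';

	// Accept either a full address (is_valid_email) or a bare domain name
	if ($ban_email != '' && !is_valid_email($ban_email)) {

		if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
			mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _REGWARN_MAIL);

	}

	if ($ban_expire != '' && $ban_expire != 'Never') {

		$ban_expire = strtotime($ban_expire);

		// strtotime() reports an unparsable date as false (-1 on very old PHP versions);
		// dates that are not in the future are rejected as well.
		if ($ban_expire === false || $ban_expire == -1 || $ban_expire <= time())
			mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BANNONDATES);

	}
	else
		$ban_expire = 'NULL';

	// Every string value is escaped and quoted before it is concatenated into the
	// statement; empty values are stored as SQL NULL. $ban_expire is an integer or NULL.
	$ban_user = ($ban_user != '') ? '\''.$database->getEscaped($ban_user).'\'' : 'NULL';

	$ban_ip = ($ban_ip != '') ? '\''.$database->getEscaped($ban_ip).'\'' : 'NULL';

	$ban_email = ($ban_email != '') ? '\''.$database->getEscaped($ban_email).'\'' : 'NULL';

	$ban_message = ($ban_message != '') ? '\''.$database->getEscaped($ban_message).'\'' : 'NULL';

	// As before, anything other than mode "add" is handled as an update of ban_id
	if (isset($_POST['mode']) && $_POST['mode'] == 'add') {

		$sql = ('INSERT INTO #__forum_bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')');
		$database->setQuery($sql);
		$database->Query($sql);
	}
	else {

		$sql = ('UPDATE #__forum_bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval(isset($_POST['ban_id']) ? $_POST['ban_id'] : 0));
		$database->setQuery($sql);
		$database->Query($sql);
	}

	// Regenerate the bans cache
	require_once $yarbb_admin_path.'/include/cache.php';

	generate_bans_cache();

	mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_BAN.((isset($_POST['mode']) && $_POST['mode'] == 'edit') ? _Y_BANED : _Y_BANADDED));

}

// Remove a ban
// NOTE(review): this deletes on a GET request with no token check; see the note at the top.

else if (isset($_GET['del_ban'])) {
	$ban_id = intval($_GET['del_ban']);

	if ($ban_id < 1)
		mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _Y_404 );

	$sql = ('DELETE FROM #__forum_bans WHERE id='.$ban_id);
	$database->setQuery($sql);
	$database->Query($sql);

	// Regenerate the bans cache
	require_once $yarbb_admin_path.'/include/cache.php';

	generate_bans_cache();

	mosRedirect( 'index2.php?option=com_forum&amp;task=bans', _SUCCESS_DELETION);

}

// NOTE(review): runs on every request that reaches the view, replacing the stage 1 value
$focus_element = array('bans', 'new_ban_user');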

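// Ban administration view: the "add ban" form, the ban settings form and the list of
// current bans, rendered as three accordion panels.
//
// Every value that originates from the database or the request is HTML-escaped before it
// is written into the page, including the IP, e-mail and expiry fields. The e-mail and IP
// shown here can come from user-controlled rows, so they get the same escaping the
// username and message already had.
// NOTE(review): yarbb_htmlspecialchars() is presumably safe for double-quoted attribute
// values, since it was already used in value="..." attributes here - confirm.
// NOTE(review): the forms carry no anti-forgery token and the delete link is a plain GET
// URL; the request handler would have to verify a token for one to be useful here.
?>

<table class="adminheading">
	<tr>
		<th class="menus"> <span><?php echo _Y_BANS; ?></span> </th>
	</tr>
</table>
<div id="pageWrap" class="pageWrap">
	<div class="pageContent">
		<ul class="accordion">

			<form id="bans" method="post" action="<?php echo 'index2.php?option=com_forum&amp;task=bans&amp;action=more#Bansett'; ?>">
				<li>
					<a href="#Newban"> <?php echo _Y_BANADD; ?></a>
					<div>
						<span>
							<table class="adminlist">
								<tr>
									<td width="18%"><span onmouseover="return overlib('<?php echo _Y_BANADD_D; ?> ', RIGHT);" onmouseout="return nd();" > <?php echo _UNAME; ?></span> </td>
									<td><input type="text" name="new_ban_user" size="40" maxlength="25" tabindex="1" />
										&nbsp;
										<input type="submit" name="add_ban" value="<?php echo _Y_BANADD; ?>" tabindex="2" /></td>
								</tr>
							</table>
						</span>
					</div>
				</li>
			</form>

			<form id="bans2" method="post" action="<?php echo 'index2.php?option=com_forum&amp;task=bans#Banmessage' ?>">
				<li>
					<a href="#Bansett"> <?php echo _Y_BANOPT; ?></a>
					<div>
						<span>
							<?php /* $mode and $ban_id are only set after stage 1; NOTE(review): without stage 1 the form posts an empty mode */ ?>
							<input type="hidden" name="mode" value="<?php if (isset($mode)) echo yarbb_htmlspecialchars($mode); ?>" />
							<?php if (isset($mode) && $mode == 'edit'): ?>
							<input type="hidden" name="ban_id" value="<?php echo intval($ban_id) ?>" />
							<?php endif; ?>

							<table class="adminlist" >
								<tr><th colspan="2"><?php echo _Y_BANIPOREM; ?></th></tr>
								<tr>
									<td width="18%"><?php echo _UNAME; ?></td>
									<td><input type="text" name="ban_user" size="25" maxlength="25" value="<?php if (isset($ban_user)) echo yarbb_htmlspecialchars($ban_user); ?>" tabindex="1" />            </td>
								</tr>
								<tr>
									<td><span onmouseover="return overlib('<?php echo _Y_BANIP_D; ?> ', RIGHT);" onmouseout="return nd();" ><?php echo _Y_BANIP;?></span></td>
									<td><input type="text" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo yarbb_htmlspecialchars($ban_ip); ?>" tabindex="2" />
									</td>
								</tr>
								<tr>
									<td><span onmouseover="return overlib('<?php echo _Y_BANDOMEN_D; ?> ', RIGHT);" onmouseout="return nd();" ><?php echo _Y_BANDOMEN; ?></span></td>
									<td><input type="text" name="ban_email" size="40" maxlength="50" value="<?php if (isset($ban_email)) echo yarbb_htmlspecialchars(strtolower($ban_email)); ?>" tabindex="3" />           </td>
								</tr>
							</table>
							<p><strong><?php echo _Y_BANWARN; ?></strong></p>

							<table class="adminlist">
								<tr><th colspan="2"> <?php echo _Y_BANMESS; ?></th></tr>
								<tr>
									<td width="18%"><?php echo _Y_BANMESS; ?></td>
									<td><input type="text" name="ban_message" size="50" maxlength="255" value="<?php if (isset($ban_message)) echo yarbb_htmlspecialchars($ban_message); ?>" tabindex="4" />              </td>
								</tr>
								<tr>
									<td><span onmouseover="return overlib('<?php echo _Y_BANDATE_D; ?> ', RIGHT);" onmouseout="return nd();" ><?php echo _Y_BANDATE; ?></span></td>
									<td><input type="text" name="ban_expire" size="17" maxlength="10" value="<?php if (isset($ban_expire)) echo yarbb_htmlspecialchars($ban_expire); ?>" tabindex="5" id="publish_down" />  <input type="reset" class="button" value="..." onClick="return showCalendar('publish_down', 'y-mm-dd');">            </td>
								</tr>
							</table>
							<p>
								<input type="submit" name="add_edit_ban" value="<?php echo _CMN_SAVE; ?>" tabindex="6" />
							</p>
						</span>    </div>
				</li>
			</form>

			<li><a href="#Banmessage"> <?php echo _Y_BANLIST; ?></a>
				<div><span>
						<?php

						// List every stored ban, one table per ban
						$sql = ('SELECT id, username, ip, email, message, expire FROM #__forum_bans ORDER BY id');
						$database->setQuery($sql);
						$cur_ban_result = $database->loadAssocList();

						if ($cur_ban_result) {

							foreach ($cur_ban_result as $cur_ban) {

								$expire = format_time($cur_ban['expire'], true);

								?>

						<table class="adminlist">
									<?php if ($cur_ban['username'] != ''): ?>
							<tr><th colspan="2"><?php echo _Y_BAN; ?></th></tr>
							<tr>
								<td width="18%"><?php echo _UNAME; ?></td>
								<td><?php echo yarbb_htmlspecialchars($cur_ban['username']) ?></td>
							</tr>
							<tr>
								<td><?php echo _Y_BANDATE; ?></td>
								<td><?php echo $expire ?></td>
							</tr>
									<?php endif; ?>
									<?php if ($cur_ban['email'] != ''): ?>
							<tr>
								<td>E-mail</td>
								<td><?php echo yarbb_htmlspecialchars($cur_ban['email']) ?></td>
							</tr>
									<?php endif; ?>
									<?php if ($cur_ban['ip'] != ''): ?>
							<tr>
								<td><?php echo _Y_BANIPDIAP; ?></td>
								<td><?php echo yarbb_htmlspecialchars($cur_ban['ip']) ?></td>
							</tr>
									<?php endif; ?>
									<?php if ($cur_ban['message'] != ''): ?>
							<tr>
								<td><?php echo _Y_BANMESS; ?></td>
								<td><?php echo yarbb_htmlspecialchars($cur_ban['message']) ?></td>
							</tr>
									<?php endif; ?>
							<tr><td colspan="2"><a href="<?php echo 'index2.php?option=com_forum&amp;task=bans&amp;edit_ban='.intval($cur_ban['id']). '#Bansett'; ?>" id="yarlink"><?php echo _CHANGE; ?></a> - <a href="<?php echo 'index2.php?option=com_forum&amp;task=bans&amp;del_ban='. intval($cur_ban['id']) ?>" id="yarlink"><?php echo _E_REMOVE; ?></a></td></tr>
						</table>

		<?php

	}

}
else
	echo "\t\t\t\t".'<p>'._Y_BANNONE.'</p>'."\n";

// Close the list panel and the accordion wrappers exactly once. They used to sit inside
// the loop, so they were repeated for every ban and never emitted when the list was empty.
echo "\t\t\t\t\t".'</span></div>'."\n"
	."\t\t\t".'</li>'."\n"
	."\t\t".'</ul>'."\n"
	."\t".'</div>'."\n"
	.'</div>'."\n";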
